Five Factors Shifting the Future of Malware and Platform Security

April 2nd, 2008

Daniel Eran Dilger

The previous article, The Unavoidable Malware Myth: Why Apple Won’t Inherit Microsoft’s Malware Crown, outlined that Microsoft’s malware crisis is a product of that company’s engineering mistakes, not an unavoidable problem facing whatever computing platform becomes the most popular in the future. Even for those holdouts who choose to ignore the realities of the malware economy–so they can insist that the only reason Macs aren’t infected with viruses is because Apple isn’t selling enough of them–there are other reasons why future platforms, including Apple’s Mac and iPhone, aren’t fated to be plagued with Microsoft’s malware crisis of the past and present.

There are five factors related to the future of computing platforms that will prevent Apple from inheriting Microsoft’s malware legacy. Here’s why these factors will have such a significant impact on the future of malware, and why the world’s greatest malware threat will continue to be firmly attached to Microsoft, the company that introduced the epidemic to the world in the first place.

“No Windows for Old Men” composition by Michael Jackson.

Apple’s Future Won’t Be Microsoft’s Past because the PC is Dying

We don’t have to hypothetically speculate about whether or not the 90s might return with Apple playing the part of Microsoft’s villain because the future of the PC is dead. Microsoft reigned over a tremendous growth spurt in PCs from 1990 to 2005. Over much of that time, new PC sales were greater than several prior years of sales. The PC has now plateaued. PCs aren’t going to evaporate of course, but sales are not going to grow exponentially and turn over the installed base every couple years any more.

Incidentally, that’s why Apple is focusing on mobile computers and sees so much potential in the iPhone and iPod Touch. Microsoft itself has long been predicting the fall of the conventional PC, but Bill Gates predicted that attention would shift to his company’s Handheld PCs, Tablet PCs, and UMPCs. It has not. While conventional Windows PCs have run out of steam, no replacement product from Microsoft has picked up the slack. Instead, Microsoft’s latest version of Windows has actually served to retard any growth in PC sales.

Windows Enthusiasts repeatedly predicted that Vista, bundled on new PC sales, would rapidly displace earlier versions of Windows, thanks to Microsoft’s monopoly bundling contracts with PC makers that have long served to sell Windows to PC buyers as their only option by simply bypassing any competitive market for PC software. That didn’t happen. Many new PC users are rolling back to Windows XP, many others see no reason to upgrade to new hardware, virtually no one is buying Vista software upgrades at retail, and significant numbers of Windows users are defecting to the Mac platform.

Revolutions Trump Kings

This is resulting in a future that looks nothing like anything even in the recent past. Events are conspiring to hand Apple a far larger share of the PC market than anyone could have predicted. At the same time, the development of the iPhone and iPod Touch, combined with the failure of Tablets, UMPCs, Windows Mobile, and the Palm OS, has similarly paved the way for Apple to grab significant market share in the mobile computing platforms of the future, which appear poised to overshadow the PC market.

The cards that appeared to be stacked in favor of Microsoft are playing out far differently than anyone could have predicted in 2005. The result is an entirely different game, where the rules that Microsoft set in motion under its monopolistic control of the PC market during the 90s have become simply irrelevant.

Apple won’t just succeed Windows as the next king of the PC empire; it is starting a revolution in computing that will make the trappings of an empire building monarch an archaic fixture of the past, and usher in a liberalized future where independent platform candidates will rule on their own merits, chosen by users voting with their dollars in the market rather than simply being handed down from Microsoft as a decree by fiat.

Four More Reasons the Future Will Be Different

Industry observers are certainly aware that Apple is gaining market share and challenging Microsoft’s monopoly position. The iPod revolution proved Microsoft’s Windows Media was unfit to rule over music players, despite Microsoft’s insistence that it had the divine right to decree the world’s DRM. The iPhone is similarly revolutionizing the mobile industry, and has stolen the crown of Microsoft’s Windows Mobile.

Many pundits still insist that Apple’s victories in the market can only make the company another new Microsoft, and force it to inherit the malware crisis facing Windows. This is like political commentators of the 16th century complaining that the territories that broke free from England would continue to suffer the same problems they faced under the monarchy, despite those new countries’ purposely devising new forms of government to prevent that from happening.

The truth is, as detailed in the previous article, Microsoft’s malware problem was caused by platform weaknesses, not its large installed base. Microsoft is not going to be as popular in the future, and future platforms will not be as weak. The malware industry will suffer as a result. There are four reasons why:

First, Apple’s iPhone platform is fully malware resistant. As that platform grows, it will be very difficult to distribute malware, easy to kill it, and trivial to clean it up. Apple is limiting the distribution of software in a model similar to the console video gaming market. There are no real malware exploits dogging the PlayStation 3, the Wii, or even Microsoft’s Xbox 360. There weren’t any for the Sega Genesis, nor the GameBoy, nor the NES. That’s because malware isn’t a product of popularity, it’s a symptom of weakness.

The iPhone’s firmware, like all of those gaming platforms, can be attacked to run homebrew software, but that unsupported software can’t run on default systems, preventing any malware from spreading outside the homebrew community. Incidentally, when the Xbox or Wii or PSP is cracked to run homebrew games, users rejoice and the media congratulates the crackers who developed the software. When the iPhone is similarly cracked to run homebrew software, Apple’s security credentials are questioned, iPhones with cracked firmware are referred to as “p0wned,” and the media describes the platform as being “exploited by hackers.” This kind of coverage is either fundamentally ignorant or grossly hypocritical.

The iPhone will usher in something other vendors have largely only talked about: a managed platform that is highly resistant to malware. Apple is able to introduce this new world of secured computing because the company has established a trusted relationship with its Mac and iPod customers, and does not control a powerful monopoly over the market for smartphones or PDAs. While many have criticized Apple’s strategy by suggesting the company might act unfairly to restrain trade by rivals in the way that Microsoft has on the Windows platform, Apple has no pattern of illegal conduct backing up the idea that it would suddenly start acting like Microsoft.

In contrast, Microsoft was unable to introduce Palladium, its own plan to do the same thing to the PC, because the industry didn’t trust Microsoft to play fair and because Microsoft held a monopolistic grasp of the entire PC industry. Microsoft wasn’t introducing a new product like the iPhone, competing against entrenched rivals; it was trying to infiltrate the existing, monopolized PC market with a locked down position of leverage that would prevent every PC from every manufacturer from running code Microsoft did not approve of in advance, such as Linux. Microsoft has a documented pattern of cheating customers, backstabbing partners, and flouting the law to kill competitors. Apple does not, giving it the opportunity to effect change with the iPhone.

Second, Mac OS X is going to follow some of the same security practices as the iPhone: code signing, sandboxing, etc. As the Mac grows in market share (and the Mac has far more growth potential in taking over PC market share than the Windows PC has in growing its total market; Apple can only grow, while Microsoft can only struggle against shrinkage), Apple will continue to erect new barriers to the problems that do not currently affect the Mac platform.

There will not be a scourge of Mac malware because the Mac will harden its defenses before ever being seriously attacked. Additional Mac market share and the increase in attention from malware authors will not overcome the expense and difficulty of developing Mac malware that already exists. New efforts to bolster Mac security will keep the cost of developing Mac malware high enough to be impractical.

Many pundits insist that malware authors write exploits simply to prove they can. However, the malware crisis facing Windows is not supported in any significant sense by attackers seeking to make a name for themselves; the malware market exists to send spam, show ads, spy out valuable market data, and steal identity information. Windows malware is big because it’s a profitable business. While Mac viruses and malware may someday be written for chest beating or giggles, it will never become a big business because Apple will consistently act to stop it.

As will be detailed later, Microsoft did not work to stop malware on Windows because it either benefitted from it or because it saw no payback in solving the problem for users. Only when the security crisis of malware began to make Microsoft look bad did the company make any effort to address it, and by then it was too late to make meaningful, rapid adjustments. The absence of malware on the Mac is a key feature Apple advertises, so the company has a powerful incentive to stop malware attacks before they ever begin to infiltrate the platform.

Third, Microsoft is doing many of the same things to secure Vista. The Windows security crisis helped to derail Microsoft’s plans for Longhorn and sent the company scrambling to peel the egg off its face instead. Despite being years late, Vista addresses many of the architectural problems of Windows, and future versions will continue to improve Microsoft’s situation.

However, neither Vista nor the Mac will solve the problems related to Microsoft’s legacy of a large installed base of weak Windows PCs. There are lots of botnet PCs out there that will remain connected to the network, sending out spam. Many unpatched Windows 2000/XP computers will remain in use over the next decade, fully open to the infectious pool that is the Windows security nightmare. Windows Vista will not solve Windows’ vista.

While Vista improves in its ability to resist external malware attacks, it will still be plagued with malware, for reasons I note below. Even so, Vista’s resiliency will have an impact on the future of the now thriving malware market.

Fourth, a new class of cheap PC replacements is working its way into emerging markets. Linux based PCs like the OLPC’s XO-1 system will create an alternative to the growth of the conventional PC in those markets. These will likely be more resistant to malware, but also less attractive to malware authors, as a WiFi OLPC isn’t going to make a great botnet spam server in the way that a Windows XP gamer PC on cable Internet does.

The Outcome of Four New Secured Platforms

This all means that new Macs, Vista PCs, and emerging market systems running Linux will all be quite resistant to malware attacks and new platforms like the iPhone and iPod Touch will be malware free. While determined villains will always find ways to assault computing systems in targeted attacks, the improvements across the board in hardening all computing platforms will serve to simply price today’s general nuisance malware developers out of the market.

Like buggy whip manufacturers at the dawn of the automobile, malware authors will no longer enjoy a viable market for their product among legions of horse whipped PCs delivered from the factory wide open to assault, ready to spread virulent attacks, with flawed patching mechanisms and a software architecture that’s so hard to clean up after an exploit that many users don’t bother.

The disease pool of today’s Windows PCs, including all those enterprise boxes that won’t be upgrading to Vista anytime soon, will continue to breed a cheap and profitable malware industry that sends out spam, pops up ads, and tries to replicate itself into new botnet nodes. However, the real malware problem of the future won’t be anchored in Microsoft’s bad decisions of the past. Instead, it will be charted out by Microsoft’s bad decisions of the present and unfortunately, it appears, the future.

Microsoft Wasn’t a Malware Victim; It was a Malware Villain

The future will not be a simple repetition of Microsoft’s past; even Microsoft is divorcing itself from its disastrously irresponsible engineering legacy. Will there be efforts to advertise spam, pop up ads, and spy on users in the future? Certainly, but those efforts will not be delivered at firehose pressures via the cheap, tacky Windows PCs that Bill Gates served up, where computers shipped right from the manufacturer with a poorly designed operating system full of weak holes, open ports, and ActiveX plugins that beg for exploitation, topped with bundled spyware from Microsoft itself and their prominent desktop real estate auctioned off to the highest bidder.

The world seems quick to forget that Microsoft not only delivered weak software prime for exploit, but also directly worked to advance the deployment of spyware and adware whenever it suited the company’s needs. The company has long bundled Alexa with Windows, something spyware tools identify as offensive because it calls home to report the websites users visit. Microsoft’s infatuation with malware even led it into talks to acquire Claria, the maker of Gator and the most heinously infamous malware vendor of the day. Prior to doing so, Microsoft even reclassified Claria’s malware as non-threatening in its own malware scanning tools. Once Microsoft owned it, the company planned to turn Gator into respectable adware by fiat of Gates.

Microsoft has pushed adware through its own software and web services, seeking to copy Google’s business plan and then go a step further to tie advertising into its monopoly platform. It has worked to deploy a phone home spyware tool to report how users use Windows as an attempt to limit piracy. But that tool, misleadingly called Windows Genuine Advantage and deceptively identified as a critical software update users need to install for their own safety, also phones home other encrypted information that has never been disclosed.

Even if Microsoft could establish impenetrable security for Vista, Windows would still be plagued with spyware, adware and other ills because Microsoft is the largest distributor of malware on the planet and purposely distributes some of the most pestilent and questionable malware in existence. It has only ever demonstrated a desire to expand those efforts by adding more user targeted advertising and by clamping down its spyware-based license policing in Vista.

Ironically, Microsoft now sells services to limit competing malware and virus distribution. It even faces criticism from anti-virus vendors for barring them access to the same mechanisms it uses to scan for third party viruses from its fee-based malware cleanup tools. Microsoft makes so much money from malware removal that it’s seeking to monopolize the market for itself. This is yet another way that Microsoft is profiting from the malware crisis it created.

Microsoft’s Malware Infatuation

While Microsoft chafes at Apple’s advertising that touts Mac security and the reality that no viruses exist for its platform, the company is too indebted to its own efforts to:

auction off the rights to bundle malware created by approved partners in Windows,

benefit from the bundling of its own adware and spyware,

and profit from third party malware removal,

that it will never be able to let go of its dysfunctional relationship with malware. Microsoft is joined at the hip to malware, and will dance with it into oblivion as its platform is abandoned by users sick of ads, tired of being spied upon, and irate that a significant percentage of their purchased hardware computing power is being eaten up by tools that exist to clean up the mess Microsoft allowed, then supported, and currently seeks to monopolize and rebrand as a legitimate business.

The good news is that Microsoft won’t continue to be the only game in town, either in the PC market or among the mobile platforms that will increasingly replace it in the future. Those platforms will not embrace malware as Microsoft has, giving users another reason to abandon Windows.
